1. Field of the Invention
The present invention relates in general to a network transmission technology and network system. More specifically, the invention relates to a method and system for performing private transmissions between particular network nodes of a public network, such as an open local area network (hereafter referred to as a LAN).
2. Description of the Related Art
Building a private network for the transmission of private data is costly because a dedicated cable line must be installed between two distant networks. For this reason, private networks are rarely used except under special circumstances, such as the connection of government or military equipment.
In addition, most networks are open, which means that every network node in the network can access the data being transmitted on the wiring of the network. Ethernet, for example, is one of the most frequently used open networks. FIG. 1 (Prior Art) illustrates a sample topology diagram of an Ethernet. As shown in FIG. 1, four network nodes are connected to the Ethernet 10, denoted node 1, node 2, node 3 and node 4. When one network node sends a data packet to another, for example from node 1 to node 2, every node on the network receives the data packet: node 2, which is the real destination, as well as nodes 3 and 4, which are not. Each network node determines whether it is the real destination of the currently transmitted data packet from the destination address (DA) contained in the packet.
FIG. 2 (Prior Art) schematically illustrates the packet format defined for Ethernet. As shown in FIG. 2, packet 30 consists of several fields: preamble 31, destination address (DA) 32, source address (SA) 33, data length 34, data 35 and FCS field 39. Preamble 31 contains synchronizing information and is handled by the physical layer. DA 32 and SA 33 indicate the destination node and the source node of the transmitted packet, respectively; in general these addresses correspond to the hardware address of the network card installed in the network node. Data length 34 gives the length in bytes of the following data 35, and data 35 holds the data being sent. FCS field 39 stores a check value for packet 30, namely a cyclic redundancy check (CRC) code, which is used to detect transmission errors in the packet. The value stored in FCS field 39 is generated by a CRC generator polynomial G(x). For example, according to the Institute of Electrical and Electronics Engineers (IEEE) 802.3 standard, G(x) is defined as $G(x) = x^{32} + x^{26} + x^{23} + x^{22} + x^{16} + x^{12} + x^{11} + x^{10} + x^{8} + x^{7} + x^{5} + x^{4} + x^{2} + x + 1$.
Returning to the transmission example illustrated in FIG. 1: under the normal Ethernet protocol, when node 1 transmits a packet onto Ethernet 10, each of nodes 2, 3 and 4 receives this packet. Each node then checks the value stored in FCS field 39 of the received packet to determine whether a transmission error occurred. If the check reveals a transmission error, the received packet is discarded. If the check reveals no error, the node further checks whether the destination address stored in DA 32 matches its own network address; if it does not, the received packet is dropped.
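The frame format of FIG. 2 and the receive-side checks just described, written out as an added example in Python (this is the editor's illustration, not code from the patent). It derives the CRC-32 from the G(x) given above (bit-serial, least-significant bit first, initial register all ones, result complemented, as IEEE 802.3 specifies), appends it as the FCS, and then performs the two checks in the order the text gives: FCS first, then DA. The MAC addresses and payload are constructed sample values; the `promiscuous` flag, which makes a node keep frames addressed to others, is an assumption added to show what a monitoring program changes.

```python
import struct
import zlib

# IEEE 802.3 generator polynomial G(x) as a bit mask; the x^32 term is implicit.
# Remaining terms: x^26, x^23, x^22, x^16, x^12, x^11, x^10, x^8, x^7, x^5, x^4, x^2, x, 1.
G_X_TERMS = (26, 23, 22, 16, 12, 11, 10, 8, 7, 5, 4, 2, 1, 0)
CRC32_POLY = sum(1 << t for t in G_X_TERMS)          # 0x04C11DB7


def _reflect(value: int, width: int) -> int:
    """Reverse the bit order of value (Ethernet shifts bits out LSB first)."""
    out = 0
    for i in range(width):
        if value >> i & 1:
            out |= 1 << (width - 1 - i)
    return out


CRC32_POLY_REFLECTED = _reflect(CRC32_POLY, 32)       # 0xEDB88320


def ethernet_crc32(data: bytes) -> int:
    """Bit-serial CRC-32 over data using G(x): LSB-first, initial register
    all ones, result complemented. Produces the 802.3 FCS value."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC32_POLY_REFLECTED if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def crc_agrees_with_zlib(data: bytes) -> bool:
    """Cross-check: zlib.crc32 implements the same CRC-32 parameters."""
    return ethernet_crc32(data) == zlib.crc32(data)


MIN_PAYLOAD = 46          # 14-byte header + 46 + 4-byte FCS = 64-byte minimum frame
BROADCAST = b"\xff" * 6


def build_frame(da: bytes, sa: bytes, data: bytes) -> bytes:
    """DA | SA | length | data (+ zero pad) | FCS. The preamble is added by the
    PHY and is not covered by the CRC, so it is omitted here."""
    header = da + sa + struct.pack("!H", len(data))
    body = header + data + b"\x00" * max(0, MIN_PAYLOAD - len(data))
    fcs = struct.pack("<I", ethernet_crc32(body))     # FCS goes on the wire LSB first
    return body + fcs


def receive(frame: bytes, my_mac: bytes, promiscuous: bool = False):
    """Receiver-side checks in the text's order: FCS first, then DA.
    Returns (status, payload_or_None)."""
    if len(frame) < 64:
        return ("dropped: runt frame", None)
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", ethernet_crc32(body)) != fcs:
        return ("dropped: FCS mismatch", None)
    da = body[:6]
    if not promiscuous and da != my_mac and da != BROADCAST:
        return ("dropped: not addressed to this node", None)
    (length,) = struct.unpack("!H", body[12:14])
    return ("accepted", body[14:14 + length])


# Constructed sample addresses (locally administered, not real hardware).
NODE1 = bytes.fromhex("020000000001")
NODE2 = bytes.fromhex("020000000002")
NODE3 = bytes.fromhex("020000000003")


def demo() -> dict:
    """Node 1 sends to node 2; every node sees the same bytes on the wire."""
    frame = build_frame(NODE2, NODE1, b"private data from node 1")
    corrupted = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]   # one flipped bit
    return {
        "node2": receive(frame, NODE2),
        "node3": receive(frame, NODE3),
        "node3_promiscuous": receive(frame, NODE3, promiscuous=True),
        "node2_corrupted": receive(corrupted, NODE2),
    }


if __name__ == "__main__":
    for node, result in demo().items():
        print(node, result)
```

The `node3_promiscuous` case is the point the next paragraph makes: the DA check is performed by the receiving node itself, so a node that chooses not to perform it still gets a valid, FCS-checked copy of the payload.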
It follows from the above description that packets transmitted under the normal network protocol can be captured by every network node connected to the network. Although network nodes are supposed to discard packets whose destination address does not match their own, it is evident that an intruder can readily modify a monitoring program so that it retains packets addressed to other network nodes. In other words, private transmission over a public Ethernet cannot be implemented directly.
Privately transmitting data over a public network requires the construction of a private transmission path, such as path 10a shown in FIG. 1, that blocks other network nodes from accessing the transmitted data. Encryption/decryption is one of the most frequently used techniques in the conventional art. The network node at the transmitter end first encrypts the data using an encryption key and transmits the encrypted data onto the network. The network node at the receiver end then decrypts the received data using the corresponding decryption key and obtains the original data. During the transmission other network nodes can still intercept the encrypted data, but they cannot recover usable data because they lack the appropriate decryption key. Private data transmission is thereby achieved.
However, one drawback of the conventional encryption/decryption scheme is that both sides must hold a matching pair of encryption/decryption keys before the private transmission can begin. In addition, the selected keys cannot be changed arbitrarily during a transmission, since a key change that is not synchronized between the two ends causes data loss. One way to address these problems is to transmit the encryption/decryption keys over the network as ordinary data, so that the key pair used by the transmitter and the receiver can be kept consistent in real time. It is evident, however, that such a communication technique cannot ensure the privacy of the keys, because any node on the network can capture them exactly as it can capture any other packet.